SFTP not working with DPI-SSH

Description

There are times when SFTP connection cannot be established with DPISSH enabled on firewall.

This document will show the error and few steps to be followed in such scenario.

Error: connection to the server failed.

Image

Resolution

We assume here that the SFTP server is on the internet and it is working fine on a system if it is directly connected to the ISP. Packet capture must be performed to check if any port is blocked. Subsequently, LAN to WAN rule should allow the concerned port. Specific rule can also be created for that source client to WAN to allow everything.

Packet capture can also show "cache add cleanup drop", here the below KB can be checked:

https://www.sonicwall.com/support/knowledge-base/how-can-i-resolve-drop-code-cache-add-cleanup/180118173647344/

 To resolve this, make sure to test it with DPI-SSH as disabled. If it works, then the SFTP server IP needs to be excluded under DPI-SSH.

For Reference:

https://www.sonicwall.com/support/knowledge-base/configuring-dpi-ssh/170818171539561/


Related Articles

  • How to block ICMP (Ping ) using Application control
    Read More
  • SonicWall GEN8 TZ and NSa Firewalls FAQ
    Read More
  • How to configure Link Aggregation
    Read More

Categories

Firewalls
NSa Series
System
not finding your answers?
Ask the Community